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Mh| In analogy with e-biascd sets over Z2, wc construct explicit e-biased sets over nonabelian 

finite groups G. That is, we find sets S C G such that || E2:g5p(a;)|| < e for any nontrivial 
f^ I irreducible representation p. Equivalently, such sets make G's Cayley graph an expander with 

ff^ ■ eigenvalue |A| < e. The Alon-Roichman theorem shows that random sets of size 0(log |G|/e^) suf- 

fice. For groups of the form G = Gi x • • • x G„, our construction has size poly(maxi |Gi|, n, £~^), 
and we show that a set 5* C G" considered by Meka and Zuckerman that fools read-once branch- 
ing programs over G is also e-biased in this sense. For solvable groups whose abelian quotients 
have constant exponent, we obtain e-biased sets of size (log |G|)^+''^^-' poly(e~^). Our techniques 



'^ I include derandomized squaring (in both the matrix product and tensor product senses) and a 

Chernoff-like bound on the expected norm of the product of independently random operators 
that may be of independent interest. 

> 

•^ ■ 1 Introduction 



Small-bias sets are useful combinatorial objects for derandomization, and are particularly well- 
studied over the Boolean hypercube {0, 1}". Specifically, if we identify the hypercube with the 
group Z2, then a character x is a homomorphism from Zj to C We say that a set S" C Fg is 
I^ , e-biased if, for all characters x, 

E xix) <e, 



ij . except for the trivial character 1, which is identically equal to 1. Since any character of Fj 

I'jjj ' can be written x(a;) = (— l)*^'^ where /c S Zj is the "frequency vector," this is equivalent to the 

C^ , familiar definition which demands that on any nonzero set of bits, x's parity should be odd or 

even with roughly equal probability, (1 ± e)/2. 

It is easy to see that e-biased sets of size 0{n/e^) exist: random sets suffice. Moreover, several 
efficient deterministic constructions arc known [13, 1, 3, 4] of size polynomial in n and 1/e. These 
constructions have been used to derandomize a wide variety of randomized algorithms, replacing 
random sampling over all of {0, 1}" with deterministic sampling on S (see e.g. [•")]). In particular, 
sampling a function on an e-biased set yields a good estimate of its expectation if its Fourier 
spectrum has bounded £1 norm. 

The question of whether similar constructions exist for nonabelian groups has been a topic of 
intense interest. Given a group G, a representation is a homomorphism p from G into the group 
U(d) oi d X d unitary matrices for some d = dp. If G is finite, then up to isomorphism there is 
a finite set G of irreducible representations, or irreps for short, such that any representation a 
can be written as a direct sum of irreps. These irreps form the basis for harmonic analysis over 
G, analogous to classic discrete Fourier analysis on abelian groups such as Zj, or Zj . 
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Generalizing the standard notion from characters to matrix-valued representations, we say 
that a set S' C G is e-biased if, for all nontrivial irreps p € G, 



E p{x) 

xGS 



<£, 



where || • || denotes the operator norm. There is a natural connection with expander graphs. If 
we define a Cay ley graph on G using S* as a set of generators, then G becomes an expander if 
and only if S is e-biased. Specifically, if M is the stochastic matrix equal to l/\S\ times the 
adjacency matrix, corresponding to the random walk where we multiply by a random element 
of S at each step, then Af s second eigenvalue has absolute value e. Thus e-biascd sets S are 
precisely sets of generators that turn G into an expander of degree \S\. 

The Alon-Roichman theorem [2] asserts that a uniformly random set of 0((log \G\)/e^) group 
elements is e-biased with high probability. Thus, our goal is to derandomizc the Alon-Roichman 
theorem — finding explicit constructions of e-biascd sets of size polynomial in log|G| and 1/e. 
(For another notion of derandomizing the Alon-Roichman theorem, in time poly(|G|), see Wigder- 
son and Xiao [17].) 

Throughout, we apply the technique of "derandomized squaring" — analogous to the prin- 
cipal construction in Rozenman and Vadhan's alternate proof of Reingold's theorem [15] that 
Undirected Reachability is in LOGSPACE. In particular, we observe that derandomized squaring 
provides a generic amplification tool in our setting; specifically, given a constant-bias set 5', we 
can obtain an e-biascd set of size 0(|S'|e~^^). We also use a tensor product version of deran- 
domized squaring to build e-biased sets from G recursively, from e-biased sets for its subgroups 
or quotients. 

Homogeneous direct products and branching programs Groups of the form G" 
where G is fixed have been actively studied by the pscudorandomness community as a special- 
ization of the class of constant-width branching programs. The problem of fooling "read-once" 
group programs induces an alternate notion of e-biased sets over groups of the form G" defined 
by Meka and Zuckerman [III]. Specifically, a read-once branching program on G consists of a 
tuple g = {gi, . . . , g„) G G" and takes a vector of n Boolean variables b = (&i, . . . , 6„) as input. 
At each step, it applies g,j% i.e., gi if bi = 1 and I if 6.; = 0. They say a set S* C G" is e-biascd 
if, for all b ^ 0, the distribution of g*^ is close to uniform, i.e.. 



V/ieG 



.Sl^" = '1-151 



< e where g"" = H ^^ ' (^) 



?:=l 



As they comment, there is no obvious relationship between this definition and the one we 
consider.^ We are unable to establish such a connection in general. However, we show in 
Section 2 that a particular set shown to have property (1) in [10] is also e-biased in our sense; 
the proof is completely different. This yields e-biased sets of size 0{n ■ poly(e~^)). 

Inhomogeneous direct products For the more general case of groups of the form G = 
Gi X • • • X G„ , we show that a tensor product adaptation of derandomized squaring yields a 
recursive construction of e-biascd sets of size poly(maxi \Gi\, n, 1/e). 

Normal extensions and "smoothly solvable" groups Finally, we show that if G is 
solvable and has abelian quotients of bounded exponent, we can construct e-biased sets of size 
(log ]G])^+°'"'^-' poly(e~^). Here we use the representation theory of solvable groups to build an 
e-biased set for G recursively from those for a normal subgroup H and the quotient G/ H. 



^In particular, there is no obvious way to amplify in their setting: for instance, squaring a set S by multiplication 
in G" squares the operator norm of any representation, but it has a very complicated effect on the distribution of g''. 



2 An explicit set for G" with constant e 

Meka and Zuckcrnian [10] considered the following construction for fooling rcad-oncc group 
branching programs: 

Definition 1. Let G be a group and n £ N. Then, given an e-biased set S over Z|J_,|, define 

We prove the following theorem, showing that this construction yields sets of small bias in 
our sense (and, hence, expander Cayley graphs over G"). 

Theorem 1. // S is e-biased over Z|q| then Ts is (1 — 0(1/ log log |G|)^ + e)-biased over G". 

Anticipating the proof, we set down the following definition. 

Definition 2. Let G be a finite group. For a representation p E G and a subgroup H, define 

n^ = E p(h) 

to be the projection operator induced by the subgroup H in p. In the case where H = (g) is 
the cyclic group generated by g, we use the following shorthand: 

Finally, for groups of the form G" we use the following convention. Recall that any irreducible 
representation p G G" is a tensor product, p = {^"^^ Pi where pi £ G for each i. That is, if 

3 = (gi, . . . , g„), then p{g) = 02=^ Piigt)- Then for an element g € G, we write 



n§ = n^,. = ' 



in^' 



(2) 



for the projection operator determined by the abelian subgroup (g)". 

Lemma 2. Let G be a finite group and p a nontrivial irreducible representation of G. Then 



E UP 
g&G s 



< 1 



H\G\) 
\G\ 



< 1-0 



where </>(•) denotes the Euler totient function. 
Proof. Expanding the definition of 11^ , , we have 



(s)' 



1 



log log I G| 



E UP 



^^ E p{g') 


< E 


Ep{g') 


eGteZ|G| 


teZ|G| 


g 



Recall that the function x i-> x*^ is a bijection in any group G for which gcd(|G|, k) = 1. Moreover, 
for such k, Eg p{g'') = Eg p{g) = as p 7^ 1. Assuming pessimistically that || Eg p{g'')\\ = 1 for 
all other k yields the bound |j EggcII^ J| < 1 — (/)(|G|)/|G| promised in the statement of the 
lemma. The function (t>{n) has the property that 



(n)> 



eTloglogn+i^^^j^ 



for n > 3, where 7 « .5772 ... is the Euler constant [14]; this yields the second estimate in the 
statement of the lemma. D 



Our proof will rely on the following tail bound for produets of operator-valued random 
variables, proved in Appendix B. 

Theorem 3. Let P{H) denote the cone of positive operators on the Hilhert space H . Let 
Pi,...,Pk he independent random variables taking values in P{H) for which \\Pi\\ < 1 and 
\\^[Pi\\\ < l-f^- Then 



Pr 



k5 
\Pk---Pi\\ > VdimiJexp ( 



We return to the proof of Theorem 1. 
Proof of Theorem 1. For a non-trivial irrep p = pi 



<dimiJ-cxp ( — — ] . 



) Pn G G" , we write 



where s = (si,...,s„), g* = (g^^, . . . ,5*"), and Kesn p denotes the restriction of p to the 
subgroup H C G". For a particular g £ G,we decompose the restricted representation Res(g),i p 
into a direct sum of irreps of the abelian group (g)" = Z!*, > , . This yields 

X6{ff>" 

where each x is a one-dimensional representation of the cyclic group (g)" and a^ denotes the 
multiplicity with which x appears in the decomposition. 

Now, as S is an £-biased set over ZJ^,, its quotient modulo any divisor d of |G| is e-biased 
over ZJJ. It follows that 



E x(.^) 

s£S 



<e 



for any nontrivial x! when x is trivial, the expectation is 1. Thus for any fixed g (z G we may 
write 

E^ (Rcs,„yp)ign=IlP + EP. 



s£S 



Recall that 11^ is the projection operator onto the space associated with the copies of the trivial 
representation of (g)" in Res^g^r. p, i.e., the expectation we would obtain if s ranged over all of 
(g)"" instead over just S. The "error operator" Ej! arises from the nontrivial representations of 
(g)" appearing in Res(g)n p, and has operator norm bounded by e. It follows that 



E p{t) 



, E Pig') 
geG \ses 



E (n'r 
gee"- s 



EP] 



< 



geG 



ns 



E EP 
geG 3 



< 



geG 



HP 



■£, 



and it remains to bound || Eggcn^jH. 

As Egi=G n^ is Hcrmitian, for any positive k we have 



E n^ 

geG ^ 



\ 



E n§ 

geG 



(3) 



,F.\k 



SO we focus on the operator (Eggc Ilg) . Expanding HP = {^^ 11^' , we may write 



E n^" 

geG » 



Sl,---.Sfe 



L 91 gki 



E 
gi,---,gk 



<S)Kl-Kl 



i=l 



(4) 



As p is nontrivial, there is some coordinate j for which pj is nontrivial. Combining (4) with the 
fact that \\A®B\\ = M!1||B||, we conclude that 



/ \'= 




E n^ 


< E 



ing:---ng: 



j=i 



< E \\n'^i---upi\ 

gi,...,gk " -^ '"- ' 



(5) 



Lemma 2 asserts that IJEgllg || < 1 — 5g, where 5g = rj(l/loglog IG]). It follows then from 
Theorem 3 that 



Pr 



31 gk 



> ydj cxp(— fctJc/B) 



< dj ■ exp (— fc(5Q/13) 



(6) 



(1) 



where dj = dimpj. This immediately provides a bound on JKEgll^) j|. Specifically, combin- 
ing (5) with (6), let us pessimistically assume that IJIIgj •••Ilg^ll = dj exp(— fefJc/S) for tuples 
(f/i, . . . ,gk) that do not enjoy property (|), and 1 for tuples that do. Then 

A: 



E n^ 

geG » 



< E n«...n« 

gi....,gk" ^^ '"" ' 



< dj exp (-fc^^lS) + (1 - dj cxp (-fc(5|/13)) v^^exp {-kSa/^) 

< 2dj exp (-fc(5^/13) , 



and hence 



E n^ 

see » 



< inf ( {/2dj ) • exp(-5^/13) = 1-0 (1/loglog |G|)" , 



where we take the limit of large k. 
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3 Derandomized squaring and amplification 

In this section wc discuss how to amplify e-biascd sets in a generic way. Specifically, we use 
derandomized squaring to prove the following. 

Theorem 4. Let G be a group and S an 1/10-biased set on G. Then for any e > 0, there 
is an e-biased set S^ on G of size 0{\S\e^^^). Moreover, assuming that multiplication can be 
efficiently implemented in G, the set Se can be constructed from S in time polynomial in \Se\- 

We have made no attempt to improve the exponent of e in \Se\- 

Our approach is similar to [15]. Roughly, if 5* is an e-biased set on G we can place a degree-d 
expander graph T on the elements of 5" to induce a new set 

5 xr 5* = {st I (s, t) an edge of T} . 

If yO : G — )■ U(l^) is a nontrivial representation of G, by assumption || E^gs p{g)\\ < s. Applying 
a natural operator- valued Rayleigh quotient for expander graphs (see Lemma 5 below), we 
conclude that 

< A(r) + e2. 



E p{s)p{t) 
(s,t)6r 



E pist) 
(s,t)er 



If r comes from a family of Ramanujan-like expanders, then A(r) = 0(l/\/d), and we can 
guarantee that A(r) = O(e^) by selecting d = 8(£:~^). The size of the set then grows by a factor 
of IS* Xr <S'|/|5'| ~ d~ 6(e^^). We make this precise in Lemma 6 below, which regrettably loses 
an additional factor of £~^ . 

Preparing for the proof of Theorem 4, we record some related material on expander graphs. 



Expanders and derandomized products For a d-regular graph G = {V,E), let A 

denote its normalized adjacency matrix: A„„ = l/d if (u, v) € E and otherwise. Then A 
is stochastic, normal, and has operator norm ||ylj| = 1; the uniform eigenvector y+ given by 
2/+ = 1 for all s G V has eigenvalue 1. When G is connected, the eigenspace associated with 1 
is spanned by this eigenvector, and all other eigenvalues lie in [—1, 1). 

Bipartite graphs will play a special role in our analysis. We write a bipartite graph G on 
the bipartition U, V as the tuple G ~ {U, V; E). In a regular bipartite graph, we have \U\ = \V\ 
and —1 is an eigenvalue of A associated with the eigenvector y~ which is +1 for s G U and —1 
for s gV . When G is connected, the eigenspace associated with —1 is one-dimensional, and all 
other eigenvalues lie in (—1, 1): we let A(G) < 1 be the leading nontrivial eigenvalue: 

A(G)= sup p/yl|/||y||. 

When y _L y±, observe that |(y,My)| < ||y|i • ||Afy|l < A|ly|p by Cauchy-Schwarz. 

We say that a d-regular, connected, bipartite graph G = {U, V; E) for which \U\ = \V\ = n 
and A(G) < A) is a bipartite {n, d, h)-expander. A well-known consequence of expansion is that 
the "Rayleigh quotient" determined by the expander is bounded: for any function / : U^V — > M 
defined on the vertices of a (n, d. A) expander for which X]ue;7 -^("^ ~ Tlvev /(^) ~ ^^ 

E J{u)f{v)<\\\,f\\l. 

{u,v)eE 

We will apply a version of this property pertaining to operator- valued functions. 

Lemma 5. Let G = {U,V;E) be a bipartite {n,d,X)- expander. Associate with each vertex 
s (z U ^V a linear operator Xg on the vector space C^ such that \\Xs\\ < 1, uEy^^u X^Al < eu, 
and Etjgy AT^ < ev ■ Then 



{u,v)eE 



< X+il- X)euev 



We will sometimes apply Lemma 5 to the tensor product of operators. That is, given the same 
assumptions, we have 



E Xu®X^ 
(u,v)eE 



< \ + {l- X)euev- 



To see this, simply apply the lemma to the operators Xu (E) 1 and 1 (g) Xy. 

Critical in our setting is the fact that this conclusion is independent of the dimension d. A 
proof of this folklore lemma appears in Appendix A; see also [(i] for a related application to 
branching programs over groups. 

Amplification We return now to the problem of amplifying e-biased sets over general groups. 

Lemma 6. Let S be an e-biased set on the group G. Then there is an s' -biased set S' on G for 
which e' < 5e^ and \S'\ < C\S\e~^ , where C is a universal constant. Moreover, assuming that 
multiplication can be efficiently implemented in G, the set S' can be constructed from S in time 
polynomial in |S"|. 

Proof. We proceed as suggested above. The only wrinkle is that we need to introduce an 
expander graph on the elements of S that achieves second eigenvalue 0(e^). 

We apply the explicit family of Ramanujan graphs due to Lubotzky, Phillips, and Sarnak [9]. 
For each pair of primes p and q congruent to 1 modulo 4, they obtain a graph Tp^q with p{p^ — 1) 
vertices, degree g-t- 1, and A(rp,g) = 2^/{q-\- 1) < 2/y^. We treat Tp^g as a bipartite graph by 
taking the double cover: this introduces a pair of vertices, va and wb, for each vertex v of Tp^g 



and introduces an edge (ua,vb) for each edge {u,v). This graph has eigenvalues ±A for each 
eigenvahie A of Fp^g, so except for the ±1 eigenspace the spectral radius is unchanged. 

As we do not have precise control over the number of vertices in this expander family, we 
will use a larger graph and approximately tile each side with copies of S. Specifically, we select 
the smallest primes p,q = 1 (mod 4) for which 

p(/ - 1) > 1^1 • [e-^l and 2/^<e\ (7) 

Wc now associate elements of S with the vertices (of each side) of F = Fp ^ = {U, V; E) as 
uniformly as possible; specifically, we partition the vertices of U and V into a family of blocks, 
each of size \S\] this leaves a set of less than \S\ elements uncovered on each side. Then elements 
in the blocks are directly associated with elements of S\ the "uncovered" elements may in fact 
be assigned arbitrarily. As \U\ = \V\ > \S\\e~^~\, the uncovered elements above comprise less 
than an e-fraction of the vertices. As above, we define the set S xr S ~ {uv \ {u, v) G E} (where 
we blur the distinction between a vertex and the element of S to which it has been associated) . 

Consider, finally, a nontrivial representation p of G. As the average over any block of U 
or V has operator norm no more than e, and we have an e- fraction of uncovered elements, the 
average of p over each of U and V is no more than (1 — e)e + e < 2e. Applying Lemma 5, we 
conclude that || EsgsxrS p{-^)\\ ^ (2£)^ + A(F) < 5e^ by our choice of q (the degree less one). 

By Dirichlet's theorem on the density of primes in arithmetic progressions, p and q need be no 
more than (say) a constant factor larger than the lower bounds p{p^ ~ 1) > l'S'|e~^ and q > 4e^'* 
imphed by (7). Thus there is a constant C such that |S"| = p{p^ - l){q + 1) < CIS"] • e'^. D 

Remarks The construction above is saddled with the tasks of identifying appropriate primes 
p and q, and constructing the generators for the associated expander of [9]. While these can 
clearly be carried out in time polynomial in |S"|, alternate explicit constructions of expander 
graphs [12] can significantly reduce this overhead. However, no known explicit family of Ra- 
manujan graphs appears to provide enough density to avoid the tiling construction above. On 
the other hand, expander graphs with significantly weaker properties would suffice for the con- 
struction: any uniform bound of the form A < cVdegree would be enough. 

Proof of Theorem 4- We apply Lemma 6 iteratively. Set Eq = 1/10. After t applications, we 
have an et-biased set where et = 2~^ /5. After t = [logj log2(l/5e)] steps, we have 5e^ <£*<£. 
The total increase in size is 




C* f-^\ ' < (C/5)*(50£2)-5 ^ 0(e-i"(loge-i)0(i)) = ©(g-H) . 



D 

Combining Theorem 4 with the e-biased sets constructed in Section 2 we establish a family 
of e-biased set over G" for smaller e: 

Theorem 7. Fix a group G. There is an e-biased set in G" of size 0{ne~^^) that can be 
constructed in time polynomial in n and e~^ . 

Proof. Alon et al. [1] construct a families of explicit codes over finite fields which, in particular, 
offer (5-biascd sets over Z" of size 0{7i) for any constant S. As G is fixed, applying Theorem 1 to 
these sets over Z|c| with sufficiently small 6 w l/loglog|G| yields an eo-biascd set 5*0 over G", 
where Eq is a constant close to one (depending on the size of G and the constant S). We cannot 
directly apply Theorem 4 to 5*0, as the bias may exceed 1/10. To bridge this constant gap 
(from £o to 1/10), we apply the construction of the proof of Theorem 4 with a slight adaptation. 
Selecting a small constant a, we may enlarge the expander graph to ensure that it has size at 
least |S'o|(l/a); then the resulting error guarantee on each side of the graph bipartition is no 



more than a + (1 — a)e and the product set has bias no more than {a + e)^ + A(r). This ean 
be brought as close as desired to e^ with appropriate selection of the constants a and A(G). As 
A(G) is constant, this transformation likewise increases the size of the set by a constant, and 
this method can reduce the error to 1/10, say, with a constant-factor penalty in the size of Sq. 
At this point. Theorem 4 applies, and establishes the bound of the theorem. D 

4 Inhomogeneous direct products 

Groups of the form G = Gi x ■ ■ ■ x Gn appear to frustrate natural attempts to borrow e-biased 
sets directly from abclian groups as we did for G" in Section 2. In this section, we build an 
e-biascd set for groups of this form by iterating a construction that takes e-biased sets on two 
groups Gi and G2 and stitches them together, again with an expander graph, to produce an 
e'-biased set on Gi x G2. In essence, wc again use derandomizcd squaring, but now for the 
tensor product of two operators rather than their matrix product. 

Construction 1. Let Gi and G2 be two groups; for each i = 1,2, let Si be an e^-biased set 
on Gi. We assume that \Si\ < \S2\- Let T = {U,V;E) be a bipartite (|S'2|, d, A)-expander. 
Associate elements of V with elements of S2 and, as in the proof of Lemma 6, associate elements 
of 5*1 with U as uniformly as possible. As above, we order the elements of U and tile them with 
copies of Si, leaving a collection of no more than Si vertices "uncovered"; these vertices are 
then assigned to an initial subset of Si of appropriate size. Define 5*1 ^r S2 C Gi x G2 to be 
the set of edges of F (realized as group elements according to the association above) . 

Recall that an irreducible representation p of Gi x G2 is a tensor prodoct pi p2j where 
each Pi is an irrep of Gi and ^(51,52) = Pi (51) ® ^2(52)- If P is nontrivial, then one or both of 
pi and p2 is nontrivial, and the bias we achieve on p will depend on which of these is the case. 



Claim 8. Assuming that \Si\ 
no more than 



< 1 52 1, the set Si ®r S2 of Construction 1 has size d\S2\ and bias 
A + e2 1 ei 



max £2, El 



\Si[ 

\S2\ 



\Si\ 

\S2\ 



Proof. The size bound is immediate. As for the bias, let p ^ pi ® P2 be nontrivial. If pi = 1, 



E {pi®p2){s) 

seSi®rS2 



\P2{V) 
vEV 



<e2, 



(8) 



as 5*2 is in one-to-one correspondence with V . In contrast, if p2 = 1, the best we can say is that 
E (pi®p2)(.) = ^p,i^a)<(l-\-^\ei+\-^<ei+\-^ (9) 

sGS'i®rS'2 ueU \ P2I/ P2I P2I 

as in the proof of Lemma 6. When both pi are nontrivial, applying Lemma 5 to (8) and (9) 
implies that 



^ E {pi®P2){s) 



.A + .I.. + M 



as desired. 



(10) 
D 



Finally, wc apply Construction 1 to groups of the form Gi x • • • x G„. 

Theorem 9. Let G = Gi x • • • x G„. Then, for any e, there is an e-biased set in G of size 
poly(maxi \Gi\,n,e~^). Furthermore, the set can be constructed in time polynomial in its size. 



Proof. Given the amplification results of Section 3, we may focus on constructing sets of constant 
bias. We start by adopting the entire group Gi as a 0-biased set for each Gi, and then recursively 
apply Construction 1. This process will only involve expander graphs of constant degree, which 
simplifies the task of finding the expander required for Construction 1. In this case, one can 
construct a constant degree expander graph of desired constant spectral gap on a set X by 
covering the vertices of X with a family of overlapping expander graphs, uniformizing the degree 
arbitrarily, and forming a small power of the result. So long as the pairwisc intersections of the 
covering expanders are not too small, the resulting spectral gap can be controlled uniformly. 
(This luxury was not available to us in the proof of Lemma 6, since in that setting we required 
A tending to zero, and insisted on a Ramanujan-likc relationship between A and the degree.) 

The recursive construction proceeds by dividing G into two factors: A = Gi x ■ ■ ■ x G„' and 
B = Gn'+i X ■■■ X Gn, where n' = \n/2\. Given small-biased sets Sa and 5*5, we combine 
them using Construction 1. Examining Claim 8, we wish to ensure that jS'^il/IS'sl is a small 
enough constant. To arrange for this, we assume without loss of generality that I^bI > \Sa\ 
and duplicate Sb five times, resulting in a (multi-)set S'^ such that |S'A|/|S'g| < 1/5. 

Assume that each of the recursively constructed sets Sa, Sb has bias at most 1/4. We apply 
Construction 1 to Sa and S'g with an expander V of degree d for which A < 1/8, producing the 
set S = Sa ®r S'^. Ideally, we would like S to also be 1/4-biascd, in which case a set of constant 
bias and size poly(maxi jGij,/!) would follow by induction. 

Let p = PA ® Pb ^G nontrivial, where pA & A and ps € B- If pA = 1 then, as in (8), 
||EsgSp(s)|| < 1/4. Likewise, if both pA and pB are nontrivial, (10) gives ||Esgsp(s)|| < 
1/8 + 1/4(1/4 + 1/5) < 1/4. At first inspection, the case where ps = 1 appears problematic, 
as (9) only provides the discouraging estimate ||Esg5p(s)|| < 1/4+ 1/5. Thus it seems possible 
that iterative application of Construction 1 could lose control of the error. However, as long 
as the tiling of [/, the left side of the expander in Construction 1, is carried out in a way 
that ensures that the uncovered elements of U arc tiled with respect to previous stages of the 
recursive construction, it is easy to check that subsequent recursive appearances of this case can 
contribute no more than the geometric series 1/5+ (1/5)^ + ■ ■ ■ = 1/4 to the bias. Any following 
recursive application of the construction in which the representation is nontrivial in both blocks 
will then drive the error back to 1/4, as 1/8 + 1/4(1/4 + 1/4) = 1/4. (If this case occurs at the 
last stage of recursion, then S still has bias at most 1/4 + 1/5 < 1/2.) 

Recall that for the base case of the induction, we treat each G,; as a 0-biased set for it- 
self. Since there are logj n layers of recursion, and each layer multiplies the size of the set by 
the constant factor 5(i, we end with a 1/2-biased set S of size at most (5(i)'°S2" nrax^ \Gi\ — 
poly(maxi |Gi|,n). Finally, applying the amplification of Theorem 4, after first driving the bias 
down to 1/10 as in Theorem 7, completes the proof. D 

We note that if the Gi are of polynomial size, then we can use the results of Wigdcrson and 
Xiao [17] to find e-biased sets of size 0(log \Gi\) in time poly(|Gi|). Using these sets in the base 
case of our recursion then gives a e-biased set for G of size poly(maxi log |Gi|, n, e^^). 

5 Normal extensions and smoothly solvable groups 

While applying these techniques to arbitrary groups (even in the case when they have plentiful 
subgroups) seems difficult, for solvable groups can again use a form of derandomized squaring. 
First, recall the derived series: if G is solvable, then setting G'-^-' = G and taking commutator 
subgroups G''"''^-' = [G*-*-*, G'*-*] gives a series of normal subgroups, 

1 = GW<]---<GW<]G(") = G. 

We say that £ is the derived length of G. Each factor G^^VG*^'^^^ = Ai is abehan, and G^'^ 
is normal in G for all i. Since \Ai\ > 2, it is obvious that d = 0(log|G|). However, more is 



true. The composition series is a refinement of the derived series where each quotient is a cychc 
group of prime order, and the length c of this refined series is the composition length. Clearly 
c < log2 \G\. Glasby [8] showed that £ < 31og2 c + 9 = O(logc), so ^ = 0(loglog |G|). 

We focus on groups that are smoothly solvable [7] , in the sense that the abclian factors have 
constant exponent. (Their definition of smooth solvability allows the factors to be somewhat 
more general, but we avoid that here for simplicity.) Wc then have the following: 



Theorem 10. Let G be a solvable group, and let its abclian factors be of the form Ai ~ Z* . 
(or factors of such groups) where pi = 0(1). Then G possesses an e-biased set S^ of size 
(log|G|)i+°(i)poly(£-i). 

We deliberately gloss over the issue of explicitness. However, we claim that if G is poly- 
nomially uniform in the sense of [11], so that we can efficiently express group elements and 
products as a string of coset representatives in the derived series, then S^ can be computed in 
time polynomial in its size. 

Proof. Solvable groups can be approached via Clifford theory, which controls the structure of 
representations of a group G when restricted to a normal subgroup. In fact, wc require only 
a simple fact about this setting. Namely, if _ff <l G and p is an irrep of G, then either Resj:/ p 
contains only copies of the trivial representation so that p{h) = Ip^ for all /i G -ff , or Res/f p 
contains no copies of the trivial representation. 

It is easy to see that the irreps p of G for which Rcsh P is trivial are in one-to-one correspon- 
dence with irreps of the group G/H , and we will blur this distinction. With this perspective, it 
is natural to attempt to assemble an e-biased set for G from Sh, an £//-biased set for iJ, and 
'Sg/h, an £G//f -biased set for G/H. While Sh C H C G, there is — in general — no subgroup of 
G isomorphic to G / H , so it is not clear how to appropriately embed Sqiu into G. Happily, we 
will see that reasonable bounds can be obtained even with an arbitrary embedding. In particu- 
lar, we treat Sqih as a subset of G by lifting each clement x e Sq/h to an arbitrary element 
X G G lying in the _ff-cosct associated with x. 

If Sh and Sq/h were the same size, and wc could directly introduce an expander graph T 
on Sh X Sq/h, then Lemma 5 could still be used to control the bias of S* = {st \ {s,t) E F}. 
Specifically, consider a nontrivial representation p of G. If Res// p is trivial, then analogous 
to (8) we have ||Esgs/9(s)|| = ||EsgSj,,^ p{s)\\ < ^g/h- On the other hand, HKesn p restricts to 
H without any appearances of the trivial representation, then E/igg^ p(^) 1^ ^h- In this case, 
the action of the elements of Sq/h on p may be quite pathological, permuting and "twiddling" 
the i?-irreps appearing in Res/f p. However, as |lp(s)|l = 1 (by unitarity) for all s € Sq/h, we 
can conclude from Lemma 5 that ||Esgs p{s)\\ < A(r) + sh- 

We recursively apply the construction outlined above, accounting for the "tiling error" of 
finding an appropriate expander. Specifically, let us inductively assume we have e-biased sets 
S+ on G+ = G/G^'''> and S~ on G" = G^*^) for k = \£/2] , where £ is the derived length of 
G. Selecting an expander graph F of size at least a~^ maxdS""], |S'+|) and A(r) < a, for an a 
to be determined, we tile each side of the graph with elements from S^ and 5*^, completing 
them arbitrarily on the "uncovered elements." Since at most a fraction a of the elements on 
either side are uncovered, the average of a nontrivial representation over either side of the 
expander has operator norm no more than e + a. Lemma 5 then implies that the bias of the 
set S = {st I (s,i) G F} is at most A(r) -|- (e + a) < e -I- 2a. If we use the Ramanujan graphs 
of [9] described above, we can achieve degree 0{a~^) and size 0(amax(|5^|, |5'+|)). Thus, each 
recursive step of this process scales the sizes of the sets by a factor 0{a~^) and introduces 
additive error 2a. The number of levels of recursion is [log2 ^] , so if we choose a < 1/(4 [log £] ) 
then the total accumulated error is less than 1/2. 

Assuming that we have a-biased sets for each abelian factor Ai of size no more than s, 
this yields a 1/2-biased set S for G of size sa~^^°^^^ = s(log^)'^('°s^). For constant p, there 
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are a-biased sets for Z^ [1] of size s = 0{n/a^) = {log\G\)(log£)'^^^\ Using the fact [8] that 
£ = O (log log \G\), the total size of S is 

(log|G|)(log£)0('°s^) = (log|G|)(logloglog|G|)^('°si°s'°gl«l) = (log|G|)i+°(i) . 

Finally, we amplify S to an e-biased set S^ for whatever e we desire with Theorem 4, introducing 
a factor 0(e-"). D 
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A Quadratic forms associated with expander graphs 

Our goal is to establish the two generalized Rayleigh quotient bounds described in Lemmas 12 
and 5. We begin with the following preparatory lemma. 

Lemma 11. Let G = [U, V; E) be a (n, d, X)-expander. Associate with each vertex s £ U yjV a 
vector X** in <C^ such that ^ueu x" = and E„gy x'^ = 0. Then 



{u,v)eE 



(x",x-) 



< AEIIx^ 



Proof. Let X denote the 2n x d matrix whose entries are Xgk = x^.. Then the rows of X are 
the vectors x; for an column index k & {1, . . . , d}, we let y'' S C^" denote the vector associated 
with this column: 

k V 

Vv — ^k ■ 

Considering that X^m-'^" ~ Eu ^^ = 0' each y*' is orthogonal to both y+ and y^. 
The expectation over a random edge {u,v) of (x",x'^) can be written 



{u,v)£E 



E > XukXyk 



{u,v)eE 



Y.—jYl ^k^'k 



nd 

k (u,v)eE 



y ^ E XukXyk 

^-^ (u,v)£E 
k 

n ^-^ d ^-^ 

k {u,v)^E 



1 

2n 



E(y''^y') 



<^EKA^y^>l 



<lT.\\y''r-lT.\\-r-m\- 



sll2 



2n 



n 
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Lemma 12. Let G = [U, V; E) be a (n, d, X)-expander. Associate with each vertex s (z U UV a 
vector X** in C^ such that \\ ^ueu x"|| = ejj and \\ T&y(zv x'^|| = ev ■ Then 



(x",x-) 



<A(E||x^||2-^-^|+et,ev', 



{u,v)eE 
Proof of Lemma 12. Let x'^ = "^ueu x" and x^ = Et,gy x"^. We have 



E (x",x^) 

{u,v)^E 



which wc may further expand into 



E ((x"-x")+x",(x^-x^)+x^) 

(m,d)G-E 



E ((x"-x"),(x--x^))+ E (xU,(x--x^))+ E ((x"-x"),x^)+ E (x",x^) 
{u.v)eE {u,v)eE {u.v)eE {u,v)eE 

(11) 
As G is regular, the vertices of a uniformly random edge (it, v) are individually uniform on U and 
V, from which it follows that the two middle terms of (11) are both zero. Hence we conclude 
that 



E (x",x^; 

{u,v)eE 



< 



E ((x"-xU),(x--x^)) 
(u,v)eE 



(x",xV) 



Applying Lemma 11 to the the vectors 



,u 



and 



V 



we conclude that 



E ((x"-xU),(x--x^)) 
{u,v)eE 



\ U V / 



The summation ^^ ||x" — x^|p can be calculated as follows. 

5:i|x"-x"|r = ^(x"-x",x"-x") 

U U 

= $:((x",x") - (x",x") - (x",x") + (x",x")) 

u 

= ^(x",x")-n(xU,xU)-n(xU,xU)+n(xU,xU) 

U 

u 

= Eii^"i 



'2 n||xU||2 



ne 



u ■ 



Therefore, 



E ((x"-xU),(x--x^)) 
{u,v)eE 



< 



2n 



(eii-"i 



2 _„=-2 



Ell-- 



-112 -n£?. 



<A(Ei|x^ir-f -f 



By Cauchy-Schwarz, we have |(x , x )| < Su^v- In total, then. 



E (x",x-; 

(u,v)£E 



<A(E||x^||2-£li-£il 



eu£v , 



as desired. 



n 
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Lemma (Restatement of Lemma 5). Let G ~ {UUV,E) be a {n,d,\)- expander. Associate 
with each vertex s £ U ^JV a linear operator Xs on the vector space C^ such that \\Xs\\ < 1, 
II Eu^u Xu\\ = su, and \\ E„gy Xi,|j = £y. Then 



E XuX^ 

(u,v)£E 



< A + (1 - A)£c/£y • 



Proof of Lemma 5. Let X denote the linear operator E(-„ ^jg^; X„X„. Writing 

llXll = max |(x,Xy)|, 
lly||=i 



we observe that 



(x,Xy) = (x, E X^X,y 
(u,v)eE 



E (Xtx,X„y) 
{u,v)eE 



Considering the bounds on E„ Xu and E„ X„, it follows that || E„ X^x|| < ejj and || E„ Xjjy\\ < 
ev', applying Lemma 12 with the vector family x" = X^x and x'^ = X^y we conclude that 

|(x, Xy)\ < max A (e ||x^|p - |^ - |l) + SuSv 

< max A (1 — Su6v) + Su^v < A + (1 - X)eu£v 

5y<€v 



as S?r + Si > 2SuS 



^U '^ "V 



uov- 



n 



B A tail bound for products of operator-valued random 
variables 



Our goal is to establish the following tail bound (a restatement and expansion of Theorem 3) . 

Theorem (Restatement of Theorem 3). Let P{H) denote the cone of positive operators on the 
Hilbert space H and let Pi,. . . ,Pk be independent random variables taking values in P{H) for 
which 

\\P,\\ < 1, and \\E[Pi]\\ <l-5. 



Then for any A > 0, 
Pr 



k5 



Pfe---Pi|| > VdimiJexp( -^ + A 



In particular, choosing A = k5/3, we conclude that 

kS" 



< dim H ■ exp 



2fcln2 



Pr 



|Pfc • • • Pi II > VdimiJexp - 



6 



< dim H ■ exp 



kS^ 
18 In 2 



< dim H ■ exp 



kS^ 

U 



Recall Azuma's inequality for supcrmartingalcs: 



Theorem 13 (Azuma's inequality). Let Xq, . . . , Xt be a family of real-valued random variables 
for which \Xi — Xi-i\ < ai and E[Xi \ Xi, . . . ,Xi^i] < Xi-i. Then 



Pr[XT - ATq > A] < exp 



A^ 
2E. 



14 



Corollary 14. Let Xq, . . . , Xt be a family of real-valued random variables for which Xi^i — on < 
Xi < Xi^i and K[Xi \ Xi, . . . , Xi_i] < Xi^i — Si for some Si < a;. Then 



Pr[XT -Xo>-^e, + \]< exp f -^ 



A2 



■.Oii 



Proof. Apply Azuma's inequality to the random variables Xt = Xt + ^^ £i 



D 



Proof of Theorem 3. We begin by considering the behavior of the operator P^ • • • Pi on a partic- 
ular vector V. To complete the proof we will select an orthonormal basis B of H . The operator 
norm is bounded above by the Frobenius norm, 



\Pk ■ --PiW < \\Pk ■■■PiWf^ JV] \\Pk ■ . .PiblP < VdMif . maxllPfc . . .Pib 



beK 



beB 



(12) 



Now fix a unit-length vector v e iJ and consider the random variables 

vo = V, vi = Piv, V2 = P2P1V, 

and 

^_ fl|vi||/||vi_i|| ifvi.i^O, 

1 otherwise, 

Our goal is to establish strong tail bounds on the random variable ||vk|| = ik^k-i • ■ • ^i- Recalling 
that jl ]E[Pi]|| < 1 — £ and that the Pi are independent we have 



E[£, |Pi,...,P,_i] <l-e. 



(13) 



and we proceed to apply a martingale tail bound. 

It will be more convenient to work with log-bounded random variables, so we define m^ = 
max(£i,l/2) and observe that ||vk|| < rukruk-i ■ ■ .mi and ln|jvk|| < ^^Inrrii. Consider- 
ing that max(a;, 1/2) < (1 -I- x)/2 for x G [0,1] we conclude from equation (13) above that 
E [rrii I Pi, ... , Pi_i] < 1 — e/2. Since 1/2 < m^ < 1 and Inrn < rn — 1 for m > 0, we have 

E[lnm, |Pi,...,P,_i] < -e/2. (14) 

Applying Azuma's inequality (specifically. Corollary 14 above) to the random variables Mt = 
J2i=i liiTTii, we conclude that 

Pr Mk > -^-F A =Pr 

and hence 



ke 



^Inm^ > -— + A 



< exp 



2fc In 2 



Pr 



|Pfc---Piv|| >exp( -y + A 



< 



exp 



Applying the above inequality to an orthonormal basis bi 

ke 



Pr 



3i: ||Pfe---Pibi||2>exp 



2fcln2, 
bn of H, we find that 

A2 



by the union bound. Applying (12) then gives 



Pr 



|Pfc---Pi|| > VdimiJexp ( -— + A 



< dim H ■ exp 



< dim H ■ exp 



2fc In 2 



A2 



2fc In 2 



D 
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